Commit dcd1c6a9 authored by Tong Tiangen's avatar Tong Tiangen Committed by Zheng Zengkai

arm64: ras: copy_from_user scenario support uce kernel recovery

hulk inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4PM10


CVE: NA

--------------------------------

During copy_from_user processing in the kernel, reading a page can trigger a
RAS exception. In this solution, we identify this scenario in the kernel's
do_sea handling, send SIGBUS to the process that triggered copy_from_user,
and isolate the affected memory pages, preventing a kernel panic.

At the same time, we use cmdline(uce_kernel_recovery) or proc
(/proc/sys/kernel/uce_kernel_recovery) to control this feature on/off.

Usage:
1. Each bit controls whether this feature is turned on in a scene,
    1 means turned on and 0 means turned off.
2. Bit2 represents copy_from_user scene, other bits are currently
    reserved.

eg: make copy_from_user scene open this feature:
1. echo 4 > /proc/sys/kernel/uce_kernel_recovery.
or
2. uce_kernel_recovery=4 add to cmdline.

Signed-off-by: default avatarTong Tiangen <tongtiangen@huawei.com>
Reviewed-by: default avatarKefeng Wang <wangkefeng.wang@huawei.com>
Reviewed-by: default avatarXie XiuQi <xiexiuqi@huawei.com>
Signed-off-by: default avatarZheng Zengkai <zhengzengkai@huawei.com>
parent 2c36be94
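--- a/PATH_NOT_ON_PAGE_1
+++ b/PATH_NOT_ON_PAGE_1
@@ -1526,3 +1526,20 @@ is 10 seconds.
 
 The softlockup threshold is (``2 * watchdog_thresh``). Setting this
 tunable to zero will disable lockup detection altogether.
+
+uce_kernel_recovery(ARM64 only)
+===============================
+
+This value can be used to control whether panic the kernel when UCE RAS
+errors occur in a specific scenario. Each bit controls a scene, 1 means
+avoid kernel panic when encountering UCE RAS error in this scenario, and
+0 means kernel panic.
+
+Current usage of each bit:
+
+============  ==============
+bit0          reserved
+bit1          reserved
+bit2          copy_from_user
+bit3 ~ bit31  reserved
+============  ==============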
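--- a/PATH_NOT_ON_PAGE_2
+++ b/PATH_NOT_ON_PAGE_2
@@ -1634,6 +1634,15 @@ config ARM64_CNP
 	  at runtime, and does not affect PEs that do not implement
 	  this feature.
 
+config ARM64_UCE_KERNEL_RECOVERY
+	bool "arm64 uce kernel recovery for special scenario"
+	depends on ACPI_APEI_SEA
+	help
+	  With ARM v8.2 RAS Extension, SEA are usually triggered when memory
+	  error are consumed. In some cases, if the error address is in a
+	  user page there is a chance to recover. we can isolate this page
+	  and killing process instead of die.
+
 endmenu
 
 menu "ARMv8.3 architectural features"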
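Review bot: The help text of the new config ARM64_UCE_KERNEL_RECOVERY entry does not say that selecting the option alone changes nothing: per the commit message the recovery is gated per scene by the uce_kernel_recovery sysctl/cmdline bitmask and is off until a bit is set, which is exactly what a menuconfig reader needs to know. The text also has grammar slips ("memory error are consumed", "we can isolate this page and killing process instead of die"). Suggest replacing the last two sentences with `If the error address is in a user page, the kernel can isolate the page and send SIGBUS to the process instead of panicking. Recovery stays disabled until a scene is enabled through the uce_kernel_recovery sysctl or kernel parameter (see the sysctl documentation).`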
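--- a/PATH_NOT_ON_PAGE_3
+++ b/PATH_NOT_ON_PAGE_3
@@ -19,6 +19,19 @@
 #define __exception_irq_entry	__kprobes
 #endif
 
+#ifdef CONFIG_ARM64_UCE_KERNEL_RECOVERY
+bool arm64_process_kernel_sea(unsigned long addr, unsigned int esr,
+			      struct pt_regs *regs, int sig,
+			      int code, void __user *siaddr);
+#else
+static inline bool arm64_process_kernel_sea(unsigned long addr, unsigned int esr,
+					    struct pt_regs *regs, int sig,
+					    int code, void __user *siaddr)
+{
+	return false;
+}
+#endif
+
 static inline u32 disr_to_esr(u64 disr)
 {
 	unsigned int esr = ESR_ELx_EC_SERROR << ESR_ELx_EC_SHIFT;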
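Review bot: The new arm64_process_kernel_sea() prototype carries no comment, so a caller in do_sea cannot tell from the header what a true/false return means or what sig/code/siaddr are for; the !CONFIG stub returning false suggests false means "not handled, continue on the existing fatal path", but the implementation is not part of this diff, so that contract should be written down here. Suggest a kernel-doc block above the declaration saying that addr/esr/regs are the faulting context from do_sea, that sig/code/siaddr describe the signal to deliver to current when the fault is in a recoverable scene, and that the function returns true only when it has taken over the fault (the commit message describes SIGBUS delivery, page isolation and redirecting regs->pc), in which case the caller must not die(). Also worth stating that the scene gating by the uce_kernel_recovery bitmask happens inside this function, so callers need no check of their own.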
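--- a/PATH_NOT_ON_PAGE_4
+++ b/PATH_NOT_ON_PAGE_4
@@ -60,6 +60,17 @@ SYM_FUNC_START(__arch_copy_from_user)
 #include "copy_template.S"
 	mov	x0, #0				// Nothing to copy
 	ret
+
+/*
+ * In feature CONFIG_ARM64_UCE_KERNEL_RECOVERY, if RAS error is triggered
+ * in copy_from_user(), RAS error is processed in do_sea() and
+ * copy_from_user_sea_fallback will be assigned to regs->pc, finally return
+ * here to continue processing.
+ */
+	.global copy_from_user_sea_fallback
+copy_from_user_sea_fallback:
+	sub	x0, end, dst			// bytes not copied
+	ret
 SYM_FUNC_END(__arch_copy_from_user)
 EXPORT_SYMBOL(__arch_copy_from_user)
 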
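Review bot: The comment above copy_from_user_sea_fallback does not state the register contract the label depends on: `sub x0, end, dst` is only meaningful if `dst` and `end` (aliases presumably defined in copy_template.S, not visible here) still hold the values the copy loop had when do_sea() rewrote regs->pc, so the SEA handler must not clobber them and must not redirect to this label from any pc outside the copy loop. The comment should also say what the return means to callers, since this path is reached after a partial copy: `x0 = bytes not copied, same convention as the regular fault fixup, so the caller sees a short copy rather than success; the process is also sent SIGBUS by do_sea()`. Stating that explicitly lets a reviewer of the (not shown) do_sea side check that it only redirects here for faults whose pc lies within __arch_copy_from_user.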
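--- a/PATH_NOT_ON_PAGE_5
+++ b/PATH_NOT_ON_PAGE_5
@@ -11,6 +11,8 @@ obj-$(CONFIG_DEBUG_VIRTUAL) += physaddr.o
 obj-$(CONFIG_ARM64_MTE)		+= mteswap.o
 KASAN_SANITIZE_physaddr.o	+= n
 
+obj-$(CONFIG_ARM64_UCE_KERNEL_RECOVERY)	+= uce_kernel_recovery.o
+
 obj-$(CONFIG_KASAN)		+= kasan_init.o
 KASAN_SANITIZE_kasan_init.o	:= n
 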